Security Update available for Shockwave Player

Shockwave version 11.5.0.600 (Windows) has been released. Adobe has categorised this as a critical update as successful exploitation of the vulnerability allows the attacker to take control of the affected system. This issue is remotely exploitable.

Security Update available for Shockwave Player [1]
Release date: June 23, 2009
Vulnerability identifier: APSB09-08
CVE number: CVE-2009-1860
Platform: Windows

Summary
A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability. It is recommended that users update their installations using the instructions provided below. …

No exploit details made public yet. It should be pointed out that their upgrade instructions recommend uninstalling the old version, rebooting the machine, and then installing the new version. [2]

Analysis: Patch now

LINKS:
[1] Security Update available for Shockwave Player APSB09-08 (2009-Jun-23) [Adobe]
[2] Adobe Shockwave Player Update (2009-Jun-24) [SANS]

CRP09-027

This entry was posted in patch, security and tagged , . Bookmark the permalink.

1 Response to Security Update available for Shockwave Player

  1. KJ says:

    Read this. Messy stuff… 😦

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.